AmCham Gdańsk invited us to a breakfast meeting on cyber security with experts from Crowe Horwath and Lufthansa Systems. The second subject to be addressed is the General Data Protection Regulation.

The agenda included three topics:

1. New reality in personal data protection after May 25, 2018.

The lecturer: Ms. Małgorzata Brańska, CISA (Crowe Horwath)

New, more detailed rules of personal data protection that enter into force on May 25, 2018: more laws for individuals; additional rights for data subjects whose personal data is processed; duties and obligations to change IT systems supporting the processing of personal data; the duty to create an internal register of personal data processed; administrative financial penalties for non-compliance with the regulations; opportunities and risks for entrepreneurs.

2. The darkest place is under the candlestick – what do my employees do?

The lecturer: Mr. Piotr Kaźmierczak, OSCP, CISSP (Crowe Horwath)

A worker’s perspective; use of the internal network for cyber-attacks; problems with monitoring workers’ activity and entitlements; Windows security vulnerability; what can be intercepted on the LAN; abuse of the helpdesk; social engineering and red teaming.

3. Case study on ISO 27001

The lecturer: Mr. Jacek Samujło, Chief Security Officer (LH Systems)

Presentation of an organizational case study on the implementation of ISO/IEC 27001, which provides requirements for an information security management system (ISMS).